A web application is deployed behind ELB on an EC2 instance. Any attacks on this application will result in a huge financial loss. You need to have a customized solution to secure this web application. A set of blacklisted IP addresses & malicious SQL code to be blocked is regularly shared by the Security Team to secure web applications. A highly skilled workforce is working to monitor traffic & apply this filter to block attacks immediately. Which of the following solution can be used to make web applications secure against external attacks?

Answer options:

A.Use AWS Shield Standard to secure web applications.
B.Use AWS Shield Advanced to secure web applications.
C.Use AWS WAF to create a regular rule to deny IP addresses & SQL attacks on the application.
D.Use AWS WAF to create a rate-based rule to deny IP address & SQL attacks on the application.

Correct Answer – C
AWS WAF can be used as a customized solution to block attacks. With AWS WAF, the following conditions can be used to deny traffic to web applications.
 · Cross-Site Scripting
· IP Address
· Length of request
· SQL injection
· Geographic Match
· String Match.
 AWS Shield is a managed solution for additional protection against DDOS attacks.
Options A & B are incorrect as AWS Shield is managed solution wherein AWS applies all security filters. In the above case, the customer is looking for a customized solution. So AWS WAF is a better option.
Option D is incorrect as all attacks need to be blocked instantaneously. The regular rule needs to be applied. A rate-based rule will block any attacks only after it passes threshold values in a specified period.
 For more information on AWS WAF, refer to the following URL-
https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html